Unfortunately, this page is not available in your language. However, you can translate the page with Google Translate. This will likely cause translation errors.
This page contains information about how to secure IT and a webshop (or website) and how to protect your online privacy. We advise each merchant to take the time to read this document. You will be better protected against cyber attacks and online fraud. The difficulty level is adjusted to the average internet user and the topics are ranked from important to less important.
IT security is a mindset. It takes time and effort, and the results are not immediately visible. It's not a popular topic, but necessary. Unfortunately, we are seeing that many internet users are careless when it comes to online security and privacy. This is the main reason for DDOS attacks and junk e-mail.
Almost all of the information below will be meaningless if your PC, laptop, tablet or phone is physically accessible.
Secure your PC and laptop with a password, as well as your phone and tablet with a PIN-code to unlock the screen.
The operating system is the application that runs all your applications. A secure operating system is fundamental: if the operating system is not secure, then the security of the applications on top of it is trivial.
Approximately 50% of Windows computers are infected with malware. These are small applications that can spy on the user via the microphone and webcam. They are also capable to log keystrokes. Malware can also collect data such as passwords, address books, documents, photos and screen captures. Usually, infected computers are used in a botnet: they attack websites and are used to send spam.
Malware runs in the background and is not visible on the screen. There can be some clues however: the computer or phone will be slower, it will consume more power (note the fan) and it will send more data.
Incoming e-mail is automatically scanned by our spam filter. When spam is detected, the e-mail is moved to the junk e-mail folder and a warning message is added at the top of the e-mail. We never delete e-mail from our customers: this is to prevent that valid e-mails would be lost.
Outgoing e-mails from your mailbox and from your website include a DKIM signature and SPF records. You can test your e-mail at mail-tester.com.
Browsing the web is done with a web browser: this is the application that you use to view websites. Regularly there are vulnerabilities found in web browsers, so it is important that your browser is up-to-date!
List of web browsers: (sorted by use)
|Google Chrome||Free web browser from Google|
|Mozilla Firefox||Open source web browser from Mozilla|
|Microsoft Internet Explorer||Web browser from Microsoft, replaced by Microsoft EDGE|
|Apple Safari||Web browser from Apple. The Windows version was discontinued in 2012.|
|Microsoft EDGE||Webbrowser from Microsoft, replacing Internet Explorer|
|Opera||Free web browser available for Windows, Mac and Linux|
|Pale Moon||Open source fast web browser based on Mozilla Firefox|
|Chromium||Open source web browser which Google Chrome is based on|
Browser add-ons (plugins or extensions) can improve your security and privacy on the internet.
You are reading an article online, but the website is stuffed with flashing ads which distract you from the actual content. Ads are not only disturbing, in many cases, they also track which websites you visit and what content interests you. An efficient way of preventing this is the blocking of ads and tracking via the HOSTS file. This can be installed on your PC, but also, for example, on your router. This way, your entire network is protected.
An additional advantage: because the ads are not downloaded, you save data and web browsing goes a lot faster.
All our webshops are secured with an SSL/TLS certificate. This is automatically installed when you register a domain name. You don't have to do any technical installations yourself.
Website apps such as widgets, scripting, connectors to social media or a visitors counter can make your website slower, rise security concerns and can track your visitors. We recommend to use them with care or make no use of them at all.
The ideal password is consists of:
Tip: use a passphrase. It's easier to remember and it's safer due to the large number of characters.
Most web browsers will help you to remembering your passwords. This is a fairly safe method, provided that your device is secure and that a "master password" is set: this master password can unlock all your other passwords.
Many web-based services, including EasyWebshop, offer two factor authentication. This provides extra security when logging in. The security is based on something you know (your password) and something you have (your phone).
We highly recommend this: the extra security makes it a lot more difficult for attackers to get access to your account.
In case of payments with credit card and PayPal, the consumer has the possibility to withdraw the payment. Unfortunately, it happens that customers withdraw their payment after they received your products or services. In this case, it is up to you to prove that there is effectively delivered in order to still receive the payment.
Payments that can be withdrawed are:
Payments that cannot be undone:
You can add a surcharge for some payment options to compensate for the loss caused by fraudulent transactions and administration costs. Make sure that your customers can choose at least one payment option for which they are not required to pay extra.
Some payment providers collect personal information from consumers in order to create a spendings profile. To protect the privacy of your customers, we only send the data that a payment provider needs to process the payment:
|Desired method of payment||Bitcoin, PayPal, Sofort|
|Currency||BTC, EUR, USD|
|Interface language||Dutch, English, Spanish|
It sometimes happens that customers firmly claim that they paid their order, or that they want to have their product fast and do not want wait for the bank transfer to complete. Be aware that a bank statement can easily be photoshopped.
For webshops, especially in sales to consumers, it is customary to send the products after the payment is received.
Typical spam e-mails to online merchants are false invoices or reminders to renew your domain name. The only valid emails for your domain name are the emails from EasyWebshop and from the registry's:
This situation occurs especially to new merchants: fraudsters are well aware of the regulations and try to scam the merchant. They target webshops that have just started.
Customers can threat with a lawsuit, or the posting of negative reviews on internet forums or social media.
There are review sites where customers can post reviews about your webshop. This can be an added value to your webshop, but unfortunately these reviews do not always reflect the reality. Satisfied customers usually do not place reviews, an excellent service is - correctly - considered to be normal.
It becomes a problem when these 1% of dissatisfied or unrealistic customers place negative reviews. Some review sites exploit this by forcing you to sign an expensive subscription to be able to remove or to answer the reviews. Do not accept this.
Starting a business and/or a webshop goes slowly: you will have few customers in the beginning. Advertising and marketing can help you acquiring your first customers. Be aware that there are marketing companies that promise a lot but fail to fulfill.
Some typical situations:
The smooth marketing boy always uses the right words: you are going to be rich! His enthusiasm and speech charm you, he has the perfect solution for your business. You only have to sign and new customers will be flooding in. A few weeks later, when your enthusiasm has calmed down, it all seems to be untrue.
Rogue marketing companies may send you a form to add you to their business directory. Coincidentally, there is a mistake in your business's name or in the address. When you send the improved version back, you actually commit to an expensive subscription that is difficult to cancel. The business directory provides little or no customers.
Even large (media)companies can do similar scams. An ad in the newspaper, a magazine or a commercial on the radio: it may be expensive without providing the expected results.
The actual user is, in many cases, the weakest link in IT security. Cyber criminals use crafty tricks to draw information from you. They will, for example, ask you to visit a website infected with malware, or with a web form where you have to log in. The credentials are then sent to the cyber criminal. Or you receive a phone call in which your password or authentication code is asked.
They pretend to be an employee of a bank or an online service or even the police. These e-mails or phones can be very enthusiastic and convincing. You can have both men and women on the line, in many cases English speaking people. Be on your guard, especially when you did not ask for anything!
The tips below can offer extra security and privacy. They are ranked from "highly recommended" to "paranoia".
Avoid apps on the smartphone. Be aware that apps can have access to your photos, camera, microphone, and can send data. If you use them anyway, try to limit access to your personal information.
Avoid unencrypted forms of communication or closed encryption protocols such as Skype and WhatsApp. Good alternatives are e-mail (PGP), XMPP, Ring.cx and Tox.
The Internet of Things (IoT): a coffee machine that is connected to the internet, a smart TV with built-in microphone: it is disastrous for your privacy.
Secure your Wi-Fi network with a strong password and WPA2. Change the admin password of your router. Only make a connection to a Wi-Fi network with WPA2 security and avoid unencrypted networks in hotels or public places. Routers may contain malware in their firmware, you can replace it with DD-WRT or OpenWrt.
Many search engines track what you search, and link it to you as a person. Search engines that you do not follow are DuckDuckGo and StartPage.
For optimal security, encrypt your hard drive. When your laptop is stolen the data cannot be read without the password. A BIOS password does not protect the data on the hard disk!
Virus scanners are not as effective as supposed. In many cases, they make your computer slower and in some cases they contain even malware. A secure operating system with a firewall prevents that you are vulnerable.
Create back-ups and store your backups offline. Test whether you can later restore the backup. External hard drives are a handy tool for this.
Turn off Bluetooth, Wi-Fi and 3G/4G when not in use. Shield RFID tags. Give preference to a wired keyboard.
Tape off your webcam. A lot of malware can activate the camera in your laptop, tablet or phone without illuminating the camera LED. With a piece of cardboard in between you can prevent that glue sticks to the lens of your camera.
Give preference to paying with cash over debit cards and credit cards. This way you avoid that a profile of your purchases is created.
Using the DNS servers, information about the websites you visit can leak. If you want to avoid this, choose a DNS service that you trust or use a VPN.